{"id":15687,"date":"2024-01-03T12:07:28","date_gmt":"2024-01-03T03:07:28","guid":{"rendered":"https:\/\/lab4ict.com\/system\/?p=15687"},"modified":"2024-01-03T13:31:21","modified_gmt":"2024-01-03T04:31:21","slug":"%e5%85%ac%e9%96%8b%e7%94%a8%e3%81%aewordpress%e3%82%b5%e3%83%bc%e3%83%90%e3%82%92%e6%a7%8b%e7%af%89%e3%81%99%e3%82%8b%ef%bc%81%ef%bc%88tls%e3%81%ae%e6%9a%97%e5%8f%b7%e8%a8%ad%e5%ae%9a%e3%82%92","status":"publish","type":"post","link":"https:\/\/lab4ict.com\/system\/archives\/15687","title":{"rendered":"Building a Public WordPress Server! (Ubuntu 20.04 \/ Strengthening TLS Cipher Strength!)"},"content":{"rendered":"<p>This article strengthens the cipher configuration for TLS communication with Apache + OpenSSL.<br \/>\n<!--more--><\/p>\n<h2>Decide on the TLS settings!<\/h2>\n<p>First, decide on the TLS settings. We will use the high-security TLS profile defined by IPA.<\/p>\n<ul>\n<li>Allow only TLS 1.2 and TLS 1.3 as TLS versions.<\/li>\n<li>Make the server's cipher suite order take precedence.<\/li>\n<li>Allow connections only with the ciphers defined in IPA's high-security profile.<\/li>\n<\/ul>\n<h2>Change the TLS cipher strength settings!<\/h2>\n<p>Change the TLS settings. Add the lines from SSLEngine on onward, as shown below.<\/p>\n<pre class=\"brush: plain; 
highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo vi \/etc\/apache2\/sites-available\/default-ssl.conf\r\n...\r\nSSLEngine on\r\nSSLCipherSuite ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-AES256-CCM:ECDHE-ECDSA-AES256-CCM8:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES128-CCM:ECDHE-ECDSA-AES128-CCM8:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-AES256-CCM:DHE-RSA-AES256-CCM8:DHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES128-CCM:DHE-RSA-AES128-CCM8\r\nSSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256\r\nSSLProtocol TLSv1.2 +TLSv1.3\r\nSSLHonorCipherOrder On\r\n...\r\n<\/pre>\n<p>These settings were decided based on the following IPA document.<\/p>\n<ul>\n<li><a href=\"https:\/\/www.ipa.go.jp\/security\/crypto\/guideline\/ssl_crypt_config.html\" target=\"_blank\" rel=\"noopener\">TLS Cipher Configuration Guidelines: For Secure Websites (Cipher Configuration Measures Edition)<\/a><\/li>\n<\/ul>\n<h2>Enable HSTS!<\/h2>\n<p>To improve security, enable HSTS (HTTP Strict Transport Security). This setting instructs browsers to communicate over HTTPS.<\/p>\n<pre class=\"brush: plain; highlight: [1]; title: ; notranslate\" title=\"\">\r\n$ sudo vi \/etc\/apache2\/sites-available\/default-ssl.conf\r\n...\r\n&lt;VirtualHost _default_:443&gt;\r\n...\r\nHeader set Strict-Transport-Security: &quot;max-age=31536000; includeSubDomains; 
preload&quot;\r\n...\r\n&lt;\/VirtualHost&gt;\r\n<\/pre>\n<p>Enable mod_headers and restart Apache.<\/p>\n<pre class=\"brush: plain; highlight: [1,5]; title: ; notranslate\" title=\"\">\r\n$ sudo a2enmod headers\r\nEnabling module headers.\r\nTo activate the new configuration, you need to run:\r\n  systemctl restart apache2\r\n$ sudo systemctl restart apache2\r\n<\/pre>\n<h2>Review the settings!<\/h2>\n<p>At this point, revise the settings as follows.<\/p>\n<ul>\n<li>This site's certificate is RSA, so remove the cipher suites that use elliptic-curve cryptography for the certificate.<\/li>\n<li>Few browsers use DHE for key exchange, so keep only \"DHE-RSA-AES256-GCM-SHA384\" for DHE.<\/li>\n<li>Add \"ECDHE-RSA-AES256-SHA384\" for older browsers and smartphones.<\/li>\n<\/ul>\n<p>As a result, the configuration became the following.<\/p>\n<pre class=\"brush: plain; title: ; notranslate\" title=\"\">\r\nSSLEngine on\r\nSSLCipherSuite ECDHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-SHA384\r\nSSLCipherSuite TLSv1.3 TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_128_GCM_SHA256:TLS_AES_128_CCM_SHA256:TLS_AES_128_CCM_8_SHA256\r\nSSLProtocol TLSv1.2 +TLSv1.3\r\nSSLHonorCipherOrder On \r\nHeader set Strict-Transport-Security: &quot;max-age=31536000; includeSubDomains; preload&quot;\r\n<\/pre>\n<h2>Test the configuration! (SSL 
Labs)<\/h2>\n<p>Go to the following site.<\/p>\n<ul>\n<li><a href=\"https:\/\/www.ssllabs.com\/ssltest\/\">SSL Server Test (Powered by Qualys SSL Labs)<\/a><\/li>\n<\/ul>\n<p>Enter the URL of the site to test and set the checkbox as described below, then press the \"Submit\" button to start checking the strength and vulnerabilities of the site's encrypted communication.<\/p>\n<ul>\n<li>Hostname: Specify the URL of the site you want to check for vulnerabilities.<\/li>\n<li>Do not show the results on the boards: Check this box if you do not want the results made public!<\/li>\n<\/ul>\n<h2>Results (Summary)<\/h2>\n<p>This site earned an \"A+\" rating! The weaker cipher \"ECDHE-RSA-AES256-SHA384\" remains, but the rating on \"SSL 
Labs\" was not lowered. Since this site is basically informational, I concluded that the settings do not need to be overly strict.<\/p>\n<h2>To further increase cipher strength...<\/h2>\n<p>Raising the cipher strength further would require changing the certificate from RSA to elliptic-curve cryptography, so I gave up on that this time.<\/p>\n<h2>Conclusion<\/h2>\n<p>Deciding on cipher settings is difficult, but the IPA guide is a useful reference. Once the configuration is done, run a vulnerability check.<\/p>\n<h2>Related Articles<\/h2>\n<div class=\"sc_getpost\"><a class=\"clearfix\" href=\"https:\/\/lab4ict.com\/system\/archives\/15651\" ><div class=\"sc_getpost_thumb post-box-thumbnail__wrap\"><img decoding=\"async\" src=\"data:image\/gif;base64,R0lGODdhAQABAPAAAN3d3QAAACwAAAAAAQABAAACAkQBADs=\" width=\"150\" height=\"150\" alt=\"[Article List] Building a Public WordPress Server! (Ubuntu 20.04)\" loading=\"lazy\" data-src=\"https:\/\/lab4ict.com\/system\/wp-content\/uploads\/2022\/11\/eyecatch_serverapps_01-150x150.png\" class=\"lazyload\"><\/div><div class=\"title\">[Article List] Building a Public WordPress Server! (Ubuntu 
20.04)<\/div><div class=\"substr\">A list of articles on building a public WordPress server on Ubuntu 20.04....<\/div><\/a><\/div>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article strengthens the cipher configuration for TLS communication with Apache + OpenSSL.<\/p>\n","protected":false},"author":1,"featured_media":14987,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[155],"tags":[37,51,359,672,543,32,1268,1270,1269],"class_list":["post-15687","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-wordpress","tag-tls","tag-ubuntu","tag-ubuntu-server","tag-ubuntu-server-20-04","tag-wordpress","tag-32","tag-1268","tag-1270","tag-1269"],"_links":{"self":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/15687","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/comments?post=15687"}],"version-history":[{"count":7,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/15687\/revisions"}],"predecessor-version":[{"id":15704,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/posts\/15687\/revisions\/15704"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/media\/14987"}],"wp:attachment":[{"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/media?parent=15687"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/categories?p
ost=15687"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lab4ict.com\/system\/wp-json\/wp\/v2\/tags?post=15687"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}